CHAPTER 6 Security Issues with Web Services 148 Hardware is typically faster at routing and is easier to lockdown. The software firewall may have unknown interactions with which to deal. "   Make use of a demilitarized zone (DMZ). In other words, only put the machine serving the Web Service on the public Internet. The basic theme in equipment deployment, as you have just seen, is that you should strive to keep the majority of your machines behind some sort of protective firewall. The recommended configuration looks something like what is shown in Figure 6.1. Web Service Server Database ERP System Various Clients Intranet DMZ Public Internet Router/ Firewall Other Business Applications FIGURE 6.1 Web Service deployment behind a firewall. By using a router, you can set up your equipment so that only one computer from your internal network is exposed in the DMZ. Alternatively, you can place a machine on the public Internet and set up the network such that only requests from the external machine can come through the firewall. Any requests that do not come from that IP address will not be allowed through. You may also be able to do more advanced items as well. Make sure to discuss this with your networking team or your vendor. They should be able to help you get things deployed correctly. 09 1564 CH06  4/30/02  8:50 AM  Page 148